The breach has been fixed, but servers all over the world must install the latest versions of the OpenSSL software.

The breach can be compared to having top-notch security all over and around your house -- but if someone goes to the exact right location behind your garden shed and peeks into the gutter, he can extract random pieces of information from the internal workings of the lock to your front door. Repeat this many times over and he will have enough information to replicate the keys to your house (and the code to deactivate your alarm).

No doubt criminals all over the world are rushing to take advantage of this security flaw before all servers are upgraded. The smaller organisations with fewer resources will be the slowest to upgrade, and thus vulnerable for a longer time. Anyone serious about internet security should have upgraded OpenSSL yesterday.

I've heard estimates that OpenSSL would be running on something like 60% of the servers on the internet.

What no one knows is: Has this flaw been known to criminals before the day before yesterday? If so, they've had ample time to snoop around and sniff out vital security information. If NO ONE with bad intent knew about this before... then we've been very lucky, to say the least. But even *if* we are so lucky, criminals will surely be working like mad right now to build tools to extract as much as they can from the remaining servers that haven't upgraded their OpenSSL software.

Edited by MostlyHarmless (04/09/14 10:02 PM)